From: Arjan van de Ven Date: Thu, 24 Jan 2008 06:00:45 +0000 (+0100) Subject: lockdep: fix kernel crash on module unload X-Git-Tag: firefly_0821_release~23747 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=fabe874a48de45b137f99b4ed3641e0413f465ce;p=firefly-linux-kernel-4.4.55.git lockdep: fix kernel crash on module unload Michael Wu noticed in his lkml post at http://marc.info/?l=linux-kernel&m=119396182726091&w=2 that certain wireless drivers ended up having their name in module memory, which would then crash the kernel on module unload. The patch he proposed was a bit clumsy in that it increased the size of a lockdep entry significantly; the patch below tries another approach, it checks, on module teardown, if the name of a class is in module space and then zaps the class. This is very similar to what we already do with keys that are in module space. Signed-off-by: Arjan van de Ven Signed-off-by: Ingo Molnar Acked-by: Peter Zijlstra Signed-off-by: Linus Torvalds --- diff --git a/kernel/lockdep.c b/kernel/lockdep.c index 4335f12a27c6..e2c07ece367d 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c @@ -2932,7 +2932,7 @@ static void zap_class(struct lock_class *class) } -static inline int within(void *addr, void *start, unsigned long size) +static inline int within(const void *addr, void *start, unsigned long size) { return addr >= start && addr < start + size; } @@ -2955,9 +2955,12 @@ void lockdep_free_key_range(void *start, unsigned long size) head = classhash_table + i; if (list_empty(head)) continue; - list_for_each_entry_safe(class, next, head, hash_entry) + list_for_each_entry_safe(class, next, head, hash_entry) { if (within(class->key, start, size)) zap_class(class); + else if (within(class->name, start, size)) + zap_class(class); + } } if (locked)